glupteba | 8b47875c3610c14308db0bbd7028fada1f511d419255887ddcfc693334070965 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

8b47875c3610c14308db0bbd7028fada1f511d419255887ddcfc693334070965
Size

4.2MB
Sample

230530-ftkg9afd34
MD5

a74f977a76a84e9abe226d37060a60ff
SHA1

d0fdd076ee5b88112d0c5a9f599b4680bf391c55
SHA256

8b47875c3610c14308db0bbd7028fada1f511d419255887ddcfc693334070965
SHA512

26e517452636bbb3ae20187ccf52b9d628c8771b7f7a8459d53684a5b57007677708844eeccd666ea3dabf538f0cc35932d4b3ef07701eba34b08f25122c1854
SSDEEP

98304:+EetIp/wDrYhBLw7jCPSQSbSuKLRXxaJCNcYPEKwlzgxt5Y/LrznN5YT4:Es/cr2AKZuTKNxaKcYpLxEz7

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit

Static task

static1

Behavioral task

behavioral1

Sample

8b47875c3610c14308db0bbd7028fada1f511d419255887ddcfc693334070965.exe

Resource

win10v2004-20230220-en

glupteba discovery dropper evasion loader persistence rootkit

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  8b47875c3610c14308db0bbd7028fada1f511d419255887ddcfc693334070965
- Size
  
  4.2MB
- MD5
  
  a74f977a76a84e9abe226d37060a60ff
- SHA1
  
  d0fdd076ee5b88112d0c5a9f599b4680bf391c55
- SHA256
  
  8b47875c3610c14308db0bbd7028fada1f511d419255887ddcfc693334070965
- SHA512
  
  26e517452636bbb3ae20187ccf52b9d628c8771b7f7a8459d53684a5b57007677708844eeccd666ea3dabf538f0cc35932d4b3ef07701eba34b08f25122c1854
- SSDEEP
  
  98304:+EetIp/wDrYhBLw7jCPSQSbSuKLRXxaJCNcYPEKwlzgxt5Y/LrznN5YT4:Es/cr2AKZuTKNxaKcYpLxEz7
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkit

© 2018-2025

Terms | Privacy